An Electrum user lost 1,400 BTC after installing an old version of the wallet that connected to malicious servers. The vulnerability has been fixed in versions 3.3.4 and higher.
According to Twitter user Verretor, an industry contributor reported on GitHub that 1,400 BTC was stolen from him after he installed an old version of the Electrum wallet. According to the post, the affected user claims:
“I had 1,400 BTC, which I have not touched since 2017. I foolishly installed an older version of Electrum. I tried to transfer 1 BTC but was unable to do so. A notification has appeared in the wallet, requiring an update of the program and security settings for the transfer. I installed the update and immediately after that all the coins went to the address of the scammers.”
In the past year, the Electrum wallet has been hit by several attacks. The last attack, in April 2019, involved a network of 140,000 infected devices. Hackers tried to disable the Electrum servers and at the same time push hacked versions of the wallet to users, the installation of which leads to the loss of funds.
At one point, attackers controlled nearly 71% of all nodes, and users received fake error messages requiring them to download a malware-infected wallet disguised as a security update. Apparently, it was because of this vulnerability that the user lost 1,400 BTC.
According to Malwarebytes Labs, during last year’s attacks, hackers managed to steal private keys and upload them to a remote server:
“In addition to stealing wallet data, any balance in the wallet is sent to one of several addresses that are under the control of attackers. The chosen destination address depends on the address format used by the Electrum wallet for infected users.”
During the attacks, Electrum developer Thomas Voegtlin urged users to update their software, but it seems that not everyone paid attention to his words. All versions of the wallet prior to 3.3.4 are vulnerable to such phishing attacks.
“Electrum wallet users should update their software to the latest version from the official repository and be especially careful about update messages or other warnings that might be disguised phishing attempts,” Voegtlin said last year.